Weave a dream(Dedecms)V5. X local file inclusion vulnerability-vulnerability warning-the black bar safety net

Release time: 2013-03-29 GMT+0 8 0 0 Vulnerability version: DedeCms 5. x Vulnerability description: DedeCms is a free PHP web content management system. plus/carbuyaction. php has no variable strict filtering Vulnerabilities of the two files is: Include/payment/alipay.php Include/payment/yeepay.p...

DedeCms 5.x 本地文件包含漏洞(respond方法)

DedeCms是免费的PHP网站内容管理系统。 plus/carbuyaction.php里没有对变量进行严格的过滤 出现漏洞的两个文件为： Include/payment/alipay.php Include/payment/yeepay.php 漏洞均出现在respond方法里 Include/payment/alipay.php code...... function respond if !empty$POST foreach$POST as $key = $data $GET$key = $data; / 引入配置文件 / requireonce...